Counterfeits are extremely severe trouble to product manufacturers. Today, counterfeits can be seen in many industries, e.g. wine, cigarette, drug, cosmetics, CD, DVD, software, sports appliance, children's article, jewelry, etc. For decades, the industries are combating with the forgers. However, along with the continuous march of anti-counterfeit effort, counterfeits are getting incredibly prevalent in most countries, no matter western or eastern.
Counterfeits bring to innocent manufacturers not only huge loss in terms of profit, but also disaster in terms of credit. An ordinary consumer, who unfortunately buys counterfeit and is dissatisfied with the poor quality of the counterfeit, in many cases cannot distinguish the counterfeit from genuine product, therefore will negatively however falsely assess the product quality of the genuine manufacturer. The final sad story is: the forger makes money while the innocent manufacturer gets punished.
The product manufacturers are always thirsting for product authentication solutions that can help consumers to distinguish genuine products from fake ones. If the solution makes it handy for the consumer to authenticate product, the counterfeits will be easily driven out of the market.
Anti-counterfeit is a very hot topic in patent applications and many solutions have already been seen in the market. Before the wide adoption of computer communication network, the anti-counterfeit solutions are in general based on physical means, e.g. special printing ink, paper, texture and laser label. Such physical means are alleged by the solution providers as strong against counterfeit. But, past decades of history clearly disagree with those providers' allegation. The bank note is a very good example. The most advanced physical means can always be found in the bank note. However, fake bank notes never disappear. Apparently, ordinary product manufacturers cannot stand the high cost that applies to bank note anti-counterfeit. Therefore, anti-counterfeit solutions adopted by ordinary product manufacturers are very vulnerable.
In past 20 years, computer communication networks successfully break through to the consumer market. Global Internet access fee and fix/mobile telecommunication fee get so low that they are affordable to a large portion of the people living on the planet. Consequently, it's not surprising to see more and more anti-counterfeit solutions that try to transmit product authentication information conveyed by the product to a backend server and let the server decide whether the product is real or fake. For example Chinese patent applications 99126659 and 0211542 fall in this class of technique.
RFID tag is another rising star in fighting against counterfeits. The term RFID covers a family of radio and processor technologies that have widely varying amounts of computational power, read range, and cost. Supply chain tags have been famous since WalMart and U.S. Department of Defense started large scale trials. The industry body EPCglobal (www.epcglobaline.org) has defined Class 0 and Class 1 RFID tags that have extremely limited computation, storage, and communication capabilities, with no support for cryptography and minimal additional features.
Three components are fundamental to any RFID system: the RFID tag, the RFID reader and the data processing subsystem. The RFID tag is located on the object to be identified and is the data carrier in the RFID system. The RFID reader is able to read data from and/or write data to the RFID tag. The data processing subsystem utilizes the data obtained by the RFID reader in some useful manner.
Typical RFID tags include a microchip that stores data and a coupling element, such as a coiled antenna, for communicating via radio frequency communication. RFID tags may be either active or passive. Active RFID tags have an on-tag power supply (such as a battery) and actively send an RF signal for communication, while passive RFID tags obtain all of their power from the interrogation signal of the RFID reader and either reflect or load modulate the RFID reader's signal for communication. Most RFID tags, both passive and active, communicate only when they are interrogated by an RFID reader.
Typical RFID readers include a radio frequency module, a control unit, and a coupling element to interrogate RFID tags via radio frequency communication. In addition, many RFID readers are fitted with an interface that enables them to communicate their received data to a data processing subsystem, e.g., a database running on a personal computer. The use of radio frequencies for communication with RFID tags allows RFID readers to read passive RFID tags at small to medium distances and active RFID tags at small to large distances even when the tags are located in a hostile environment and are obscured from view.
Anti-counterfeit solutions that utilize RFID tag could be simply classified as online ones and offline ones. For the online anti-counterfeit solutions, computer communication networks are used as well. Such solutions may or may not entail security means. For example, Chinese patent applications 200410082611.1 and 200410024790.3 fall in this class of technique, while the former does not touch security means and the latter mandates security means. On the other hand, for the offline solutions, computer communication networks are not utilized, i.e. only the RFID tag and reader are utilized to authenticate products. In this case, security means are inevitably necessary. For example, Chinese patent applications 03111875.5 and 200410078160.4 fall in this class of techniques. PCT patent application WO 2005/024697 A2 is also of this class.
Existing anti-counterfeit solutions have problems in terms of cost, efficiency, usability and security.
Above all, any anti-counterfeit solution that mandates communication network support will encounter big cost on the backend server so as to handle mass product authentication queries from the consumers. Further, the communication expense will be imposed on either the consumer or the product manufacturer. If it's imposed on the consumer, such solutions will be abandoned by most of the consumers for obvious economic reasons. On the other hand, if it's imposed on the product manufacture, the mass product authentication queries from the consumers may eat up the profit of the product manufacture. That's not all. In most cases, the communication between the consumer and the backend server for product authentication takes significant time. Consumers may also turn away from such kind of solutions for time reasons.
Existing offline tag-based anti-counterfeit solutions, i.e. solutions that do not need communication network support, encounter cost as well as security troubles. Although security means have been incorporated in such kind of solutions, most of them actually are not working. Such kind of solutions generally relies on the assumption that the tag contains certain secret information and is clone-resistant, i.e. given a genuine tag containing secret information it's hard to fabricate another tag that contains the same information. If such assumption is true, those solutions are doable because security means guarantee that the secret information stored in the tag is not forgeable therefore the secret information and the tag is securely bound. Unfortunately, this assumption is totally incorrect for existing solutions. Existing solutions use all the secret information stored in the tag for product authentication. As we know, for an offline solution, it's the reader that authenticates the tag and make judgment on the authenticity of the product being attached the tag. Since all the secret information stored in the tag is used in authentication, if any one of the reader is occupied by the forger, the forger may figure out the secret information stored in the reader, exactly copy the secret information to a fake tag and in the sequel break the security of the solution. Fabricating a secure reader against conquering by the forger is possible. However, such a reader is too expensive. Similarly, it is easy to find that the radio communication between the reader and the tag is hard to be secured by security means. If the radio communication between the reader and the tag is secure, not only an expensive reader but also expensive tags are necessary for them to authenticate each other. As the consequence, the data contained in the tag could be intercepted through simply eavesdropping of the open radio communication between the reader and the tag. We conclude that an RFID tag is prone to be cloned unless an expensive tag that can authenticate the reader as well as authenticated by the reader is utilized and the radio channel between the reader and the tag is encrypted.
Here we emphasize that the inexpensive tag are at least characterized by “passive tag that has very limited computation power”. Fundamental security requirements such as pseudorandom number generation, hashing and ciphering are not available to the tag. For such an inexpensive tag, anti-clone of data is painful to all product authentication solutions. Cloned tags are fatal to especially the offline ones. The reader without network support cannot distinguish a genuine tag from a cloned one, which implies that the fake tag will definitely pass the product authentication by any genuine reader. Consequently, mass counterfeits are inevitable because a counterfeit being attached a cloned tag will be authenticated by the reader as authentic.
Some solutions addressed to the problem of data clone of offline RFID tags have been proposed. For example, Japanese Patent Publication 2005-130059 discloses a solution, which, by writing a plurality of encrypted data into a storage area of an IC chip attached to a product and reading the encrypted data in the chip for a number of times, increases the difficulty of interpreting encrypted data and thus increases the difficulty of data clone to some extent. However, data clone is still possible. The forger can obtain all the encrypted data stored in a genuine chip by reading the chip for enough number of times, and clone the data into the fake chip. A chip thus forged can definitely pass the product authentication by any genuine reader.
Therefore, there is a demand for an RFID system for offline product authentication, which can prevent cloning of data stored in an RFID tag, and has the advantages such as cheapness and efficiency.